[rubygems/rubygems] filter dependency type and name strictly.

Co-authored-by: Yusuke Endoh <mame@ruby-lang.org> https://github.com/rubygems/rubygems/commit/92892bbc3a
author: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2019-09-25 21:34:55 +0900
committer: Hiroshi SHIBATA <hsbt@ruby-lang.org> 2019-09-26 17:48:01 +0900
commit: 1eb503373e808b9cd2e1dbff5ec72d151a74d981 (patch)
tree: d4fcdd32eb7c799e8fcbb0f7aa983df3befc82bd /lib/rubygems
parent: 0b65a7a19e949eece72a6a961a2642c0e5e19eb0 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/rubygems/installer.rb b/lib/rubygems/installer.rb
index 898f6e46a1..0ffddc52fc 100644
--- a/lib/rubygems/installer.rb
+++ b/lib/rubygems/installer.rb
@@ -754,7 +754,11 @@ class Gem::Installer
       raise Gem::InstallError, "#{spec} has an invalid specification_version"
     end
 
-    if spec.dependencies.any? {|dep| dep.type =~ /\R/ || dep.name =~ /\R/ }
+    if spec.dependencies.any? {|dep| dep.type != :runtime && dep.type != :development }
+      raise Gem::InstallError, "#{spec} has an invalid dependencies"
+    end
+
+    if spec.dependencies.any? {|dep| dep.name =~ /(?:\R|[<>])/ }
       raise Gem::InstallError, "#{spec} has an invalid dependencies"
     end
   end
author	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2019-09-25 21:34:55 +0900
committer	Hiroshi SHIBATA <hsbt@ruby-lang.org>	2019-09-26 17:48:01 +0900
commit	1eb503373e808b9cd2e1dbff5ec72d151a74d981 (patch)
tree	d4fcdd32eb7c799e8fcbb0f7aa983df3befc82bd /lib/rubygems
parent	0b65a7a19e949eece72a6a961a2642c0e5e19eb0 (diff)